This paper presents the results of a laboratory study involving Mailvelope, a modern PGP client that integrates tightly with existing webmail providers. In our study, we brought in pairs of participants and had them attempt to use Mailvelope to communicate with each other. Our results show that more than a decade and a half after "Why Johnny Can't Encrypt," modern PGP tools are still unusable for the masses. We finish with a discussion of pain points encountered using Mailvelope, and discuss what might be done to address them in future PGP systems.
The PDF of the study can be found here.
(Score: 2) by frojack on Sunday November 08 2015, @06:51PM
I'm pretty sure the GP has no idea about how it works and wasn't even aware there was a private key.
Public keys are sent to key-servers, which replicate them around the world. 20 minutes after you publish your public key to one key server all the others have it. You can also attach them to the message. Distributing your public key is another thing that the Enigmail client takes care of.
The upshot is the suggestion of loading all mail to a website that can decode it for the recipient is a non-starter. (Politest term I can think of).
If the cloud can decrypt your mail, it's hopelessly compromised.
If the Cloud Can't decrypt your mail, there is no reason to have the cloud.
This article was about Mailvelope, which is a browser extension to handle the decryption/encryption tasks. It wasn't a full-blown mail package.
It isn't the only such package out there that attempts to add encryption to web mail via browser plugins. Even Google released a similar extension for Chrome.
In general, in-browser decryption/encryption is considered a bad idea, because browsers are so easily hacked. Still, a lot of people use browsers to read mail, and any open source browser plugin is probably a good idea, as long as it does work.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Monday November 09 2015, @10:38AM
Not true.
(Score: 2) by frojack on Monday November 09 2015, @07:12PM
If the Cloud Can't decrypt your mail, there is no reason to have the cloud.
Not true.
Well, yes. Clearly I meant there is no reason to have "the cloud" involved in email storage and retrieval as proposed by the GP.
And no, the cloud can't hide who email is sent from and to, because that is all revealed to each SMTP mail server in the chain.
Thank you Captain Pedantic.
No, you are mistaken. I've always had this sig.
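
The point in the comment above about SMTP servers seeing who mail is from and to, as an added example that is not part of the original thread: it parses a constructed message whose body is PGP-armored and lists what every relay handling it can still read. The addresses, hostnames and the placeholder body are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message. The armored block is a placeholder,
# not real ciphertext; addresses and hosts are reserved example values.
RAW = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mx2.example.org with ESMTPS; Mon, 09 Nov 2015 19:12:04 +0000
Received: from laptop.example.net (unknown [198.51.100.7])
\tby mx1.example.net with ESMTPSA; Mon, 09 Nov 2015 19:12:01 +0000
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Subject: lunch
Date: Mon, 09 Nov 2015 19:12:00 +0000
Message-ID: <constructed-1@example.net>
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP MESSAGE-----

PLACEHOLDER+CONSTRUCTED+NOT+REAL+CIPHERTEXT
-----END PGP MESSAGE-----
"""


def relay_view(raw):
    """Return what a mail server in the delivery chain can read without any key."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(recipients)],
        "subject": msg.get("Subject"),  # classic PGP leaves headers in cleartext
        "date": msg.get("Date"),
        # One entry per hop, newest first; unfold and drop the timestamp part.
        "hops": [" ".join(h.split()).split(";")[0]
                 for h in msg.get_all("Received", [])],
        # Only the body is protected by the sender's encryption.
        "body_is_pgp": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }


if __name__ == "__main__":
    for field, value in relay_view(RAW).items():
        print(f"{field}: {value}")
```
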